diff --git a/server/src/com/cloud/api/commands/DeletePortForwardingServiceRuleCmd.java b/server/src/com/cloud/api/commands/DeletePortForwardingServiceRuleCmd.java
index 8fc542e0ce2..3bb96ccd286 100644
--- a/server/src/com/cloud/api/commands/DeletePortForwardingServiceRuleCmd.java
+++ b/server/src/com/cloud/api/commands/DeletePortForwardingServiceRuleCmd.java
@@ -25,23 +25,19 @@ import java.util.Map;
 import org.apache.log4j.Logger;
 import com.cloud.api.BaseCmd;
+import com.cloud.api.Implementation;
 import com.cloud.api.Parameter;
 import com.cloud.api.ServerApiException;
+import com.cloud.api.BaseCmd.Manager;
 import com.cloud.exception.PermissionDeniedException;
 import com.cloud.user.Account;
 import com.cloud.utils.Pair;
-
+
+@Implementation(method="deleteNetworkRuleConfig", manager=Manager.NetworkManager)
 public class DeletePortForwardingServiceRuleCmd extends BaseCmd {
 public static final Logger s_logger = Logger.getLogger(DeletePortForwardingServiceRuleCmd.class.getName());
 private static final String s_name = "deleteportforwardingserviceruleresponse";
- private static final List> s_properties = new ArrayList>();
-
- static {
- s_properties.add(new Pair(BaseCmd.Properties.USER_ID, Boolean.FALSE));
- s_properties.add(new Pair(BaseCmd.Properties.ACCOUNT_OBJ, Boolean.FALSE));
- s_properties.add(new Pair(BaseCmd.Properties.ID, Boolean.TRUE));
- }
 /////////////////////////////////////////////////////
 //////////////// API parameters /////////////////////
@@ -68,10 +64,6 @@ public class DeletePortForwardingServiceRuleCmd extends BaseCmd {
 return s_name;
 }
- public List> getProperties() {
- return s_properties;
- }
-
 @Override
 public List> execute(Map params) {
 Long userId = (Long)params.get(BaseCmd.Properties.USER_ID.getName());
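Review bot: Dropping the `s_properties` block in the first hunk also drops the only visible statement that `ID` is mandatory (`Properties.ID, Boolean.TRUE`), so the `@Parameter` declaration of the id field, which lies outside this hunk, has to carry that requirement now. I would confirm it is declared with `required=true`; if it is not, `cmd.getId()` can hand a null id to `NetworkManagerImpl.deleteNetworkRuleConfig`, and the outcome then depends on how `findById(null)` behaves. The `@Implementation` binding names its target as a string, so presumably a rename of the manager method will not be caught by the compiler; a short comment above the annotation pointing at `NetworkManager.deleteNetworkRuleConfig` would help the next reader.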
@@ -99,5 +91,12 @@ public class DeletePortForwardingServiceRuleCmd extends BaseCmd {
 } catch (PermissionDeniedException ex) {
 throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, ex.getMessage());
 }
- }
+ }
+
+
+ @Override
+ public String getResponse() {
+ // TODO Auto-generated method stub
+ return null;
+ }
 }
diff --git a/server/src/com/cloud/network/NetworkManager.java b/server/src/com/cloud/network/NetworkManager.java
index 4869087e8bb..93378ba25c5 100644
--- a/server/src/com/cloud/network/NetworkManager.java
+++ b/server/src/com/cloud/network/NetworkManager.java
@@ -23,6 +23,7 @@ import java.util.Map;
 import com.cloud.api.commands.AssignToLoadBalancerRuleCmd;
 import com.cloud.api.commands.CreateIPForwardingRuleCmd;
 import com.cloud.api.commands.CreateLoadBalancerRuleCmd;
+import com.cloud.api.commands.DeletePortForwardingServiceRuleCmd;
 import com.cloud.api.commands.RemoveFromLoadBalancerRuleCmd;
 import com.cloud.dc.DataCenterVO;
 import com.cloud.dc.HostPodVO;
@@ -237,5 +238,7 @@ public interface NetworkManager extends Manager {
 * @return - list of IP addresses
 */
 List listPublicIpAddressesInVirtualNetwork(long accountId, long dcId, Boolean sourceNat);
+
+ public boolean deleteNetworkRuleConfig(DeletePortForwardingServiceRuleCmd cmd) throws PermissionDeniedException;
 }
diff --git a/server/src/com/cloud/network/NetworkManagerImpl.java b/server/src/com/cloud/network/NetworkManagerImpl.java
index 11685f5d0cc..012b3f26ac5 100755
--- a/server/src/com/cloud/network/NetworkManagerImpl.java
+++ b/server/src/com/cloud/network/NetworkManagerImpl.java
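Review bot: `getResponse()` in `DeletePortForwardingServiceRuleCmd` is left as an IDE stub that returns null, so the boolean returned by `deleteNetworkRuleConfig` never reaches the API caller and a delete that returned false (rule not found, or an internal error) cannot be told apart from a successful one. Whatever consumes `getResponse()` is not visible here; if it serialises the value, null will presumably surface as an empty reply or a NullPointerException. Until the response is implemented, failing loudly is safer than returning null, e.g. `throw new UnsupportedOperationException(s_name + ": response not implemented");`. The context lines also show the old `execute(Map)` still in the class; its body is outside the hunk, so check that it no longer calls the `ManagementServer` methods this commit comments out.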
@@ -61,6 +61,7 @@ import com.cloud.api.ServerApiException;
 import com.cloud.api.commands.AssignToLoadBalancerRuleCmd;
 import com.cloud.api.commands.CreateIPForwardingRuleCmd;
 import com.cloud.api.commands.CreateLoadBalancerRuleCmd;
+import com.cloud.api.commands.DeletePortForwardingServiceRuleCmd;
 import com.cloud.api.commands.RemoveFromLoadBalancerRuleCmd;
 import com.cloud.async.AsyncJobExecutor;
 import com.cloud.async.AsyncJobManager;
@@ -106,6 +107,7 @@ import com.cloud.network.dao.FirewallRulesDao;
 import com.cloud.network.dao.IPAddressDao;
 import com.cloud.network.dao.LoadBalancerDao;
 import com.cloud.network.dao.LoadBalancerVMMapDao;
+import com.cloud.network.dao.NetworkRuleConfigDao;
 import com.cloud.network.dao.SecurityGroupDao;
 import com.cloud.network.dao.SecurityGroupVMMapDao;
 import com.cloud.offering.ServiceOffering.GuestIpType;
@@ -198,6 +200,8 @@ public class NetworkManagerImpl implements NetworkManager, VirtualMachineManager
 @Inject ServiceOfferingDao _serviceOfferingDao = null;
 @Inject UserStatisticsDao _statsDao;
 @Inject UserVmDao _userVmDao;
+ @Inject FirewallRulesDao _firewallRulesDao;
+ @Inject NetworkRuleConfigDao _networkRuleConfigDao;
 long _routerTemplateId = -1;
 int _routerRamSize;
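Review bot: The new `_firewallRulesDao` field in the third hunk may duplicate an existing injection, because `FirewallRulesDao` was already imported in this file before the change (it is the heading line of the second hunk, not an added line). The existing field list is only partly visible here, so this is an inference to confirm. If the class already injects that DAO under another name, `deleteNetworkRuleConfigInternal` should reuse it rather than hold a second handle to the same table.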
@@ -2892,4 +2896,87 @@ public class NetworkManagerImpl implements NetworkManager, VirtualMachineManager
 (accountType == Account.ACCOUNT_TYPE_READ_ONLY_ADMIN));
 }
+ @Override
+ public boolean deleteNetworkRuleConfig(DeletePortForwardingServiceRuleCmd cmd) throws PermissionDeniedException {
+
+ Long userId = UserContext.current().getUserId();
+ Long netRuleId = cmd.getId();
+ Account account = (Account)UserContext.current().getAccountObject();
+
+ //If command is executed via 8096 port, set userId to the id of System account (1)
+ if (userId == null) {
+ userId = Long.valueOf(1);
+ }
+
+ // do a quick permissions check to make sure the account is either an
+ // admin or the owner of the security group to which the network rule
+ // belongs
+ NetworkRuleConfigVO netRule = _networkRuleConfigDao.findById(netRuleId);
+ long accountId = Account.ACCOUNT_ID_SYSTEM;
+ if (netRule != null) {
+ SecurityGroupVO sg = _securityGroupDao.findById(netRule.getSecurityGroupId());
+ if (account != null) {
+ if (!BaseCmd.isAdmin(account.getType())) {
+ if ((sg.getAccountId() == null) || (sg.getAccountId().longValue() != account.getId().longValue())) {
+ throw new PermissionDeniedException("Unable to delete port forwarding service rule " + netRuleId + "; account: " + account.getAccountName() + " is not the owner");
+ }
+ } else if (!_domainDao.isChildDomain(account.getDomainId(), sg.getDomainId())) {
+ throw new PermissionDeniedException("Unable to delete port forwarding service rule " + netRuleId + "; account: " + account.getAccountName() + " is not an admin in the domain hierarchy.");
+ }
+ }
+ if (sg != null) {
+ accountId = sg.getAccountId().longValue();
+ }
+ } else {
+ return false; // failed to delete due to netRule not found
+ }
+
+ return deleteNetworkRuleConfigInternal(userId, netRuleId);
+
+ }
+
+ private boolean deleteNetworkRuleConfigInternal(long userId, long networkRuleId) {
+ try {
+ NetworkRuleConfigVO netRule = _networkRuleConfigDao.findById(networkRuleId);
+ if (netRule != null) {
+ List sgMappings = _securityGroupVMMapDao.listBySecurityGroup(netRule.getSecurityGroupId());
+ if ((sgMappings != null) && !sgMappings.isEmpty()) {
+ for (SecurityGroupVMMapVO sgMapping : sgMappings) {
+ UserVm userVm = _userVmDao.findById(sgMapping.getInstanceId());
+ if (userVm != null) {
+ List fwRules = _firewallRulesDao.listIPForwarding(sgMapping.getIpAddress(), netRule.getPublicPort(), true);
+ FirewallRuleVO rule = null;
+ for (FirewallRuleVO fwRule : fwRules) {
+ if (fwRule.getPrivatePort().equals(netRule.getPrivatePort()) && fwRule.getPrivateIpAddress().equals(userVm.getGuestIpAddress())) {
+ rule = fwRule;
+ break;
+ }
+ }
+
+ if (rule != null) {
+ rule.setEnabled(false);
+ updateFirewallRule(rule, null, null);
+
+ // Save and create the event
+ Account account = _accountDao.findById(userVm.getAccountId());
+
+ _firewallRulesDao.remove(rule.getId());
+ String description = "deleted ip forwarding rule [" + rule.getPublicIpAddress() + ":" + rule.getPublicPort() + "]->[" + rule.getPrivateIpAddress()
+ + ":" + rule.getPrivatePort() + "]" + " " + rule.getProtocol();
+
+ EventUtils.saveEvent(Long.valueOf(userId), account.getId(), EventVO.LEVEL_INFO, EventTypes.EVENT_NET_RULE_DELETE, description);
+ }
+ }
+ }
+ }
+ _networkRuleConfigDao.remove(netRule.getId());
+ }
+ } catch (Exception ex) {
+ s_logger.error("Unexpected exception deleting port forwarding service rule " + networkRuleId, ex);
+ return false;
+ }
+
+ return true;
+ }
+
 }
diff --git a/server/src/com/cloud/server/ManagementServer.java b/server/src/com/cloud/server/ManagementServer.java
index 1192c190271..d1f460faa88 100644
--- a/server/src/com/cloud/server/ManagementServer.java
+++ b/server/src/com/cloud/server/ManagementServer.java
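Review bot: In `deleteNetworkRuleConfig` the permission check dereferences `sg` (`sg.getAccountId()`, `sg.getDomainId()`) before the `if (sg != null)` test that follows it, so a rule whose security group row is missing turns the authorization step into a NullPointerException instead of a clean denial. Make the null case explicit as the first statement inside `if (account != null)`: `if (sg == null) { throw new PermissionDeniedException("Unable to delete port forwarding service rule " + netRuleId + "; security group not found"); }`. The later `if (sg != null)` block only assigns `accountId`, which nothing reads now that the async job is gone, so that local and the block can be deleted. When `account` is null no ownership check runs and the delete is attributed to user id 1; that is carried over from the old code, but it deserves a comment stating which callers are expected to arrive without an account. In `deleteNetworkRuleConfigInternal` the broad `catch (Exception ex)` returns false after firewall rules may already have been removed: if `_accountDao.findById` returns null, `account.getId()` throws after `_firewallRulesDao.remove`, leaving a partial delete with no event recorded.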
@@ -1748,8 +1748,8 @@ public interface ManagementServer {
 boolean isSecurityGroupNameInUse(Long domainId, Long accountId, String name);
 SecurityGroupVO findSecurityGroupById(Long groupId);
- boolean deleteNetworkRuleConfig(long userId, long networkRuleId);
- long deleteNetworkRuleConfigAsync(long userId, Account account, Long networkRuleId) throws PermissionDeniedException;
+// boolean deleteNetworkRuleConfig(long userId, long networkRuleId);
+// long deleteNetworkRuleConfigAsync(long userId, Account account, Long networkRuleId) throws PermissionDeniedException;
 LoadBalancerVO findLoadBalancer(Long accountId, String name);
 LoadBalancerVO findLoadBalancerById(long loadBalancerId);
diff --git a/server/src/com/cloud/server/ManagementServerImpl.java b/server/src/com/cloud/server/ManagementServerImpl.java
index 452cbcfcde5..7399ceb94a4 100755
--- a/server/src/com/cloud/server/ManagementServerImpl.java
+++ b/server/src/com/cloud/server/ManagementServerImpl.java
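Review bot: The two `ManagementServer` methods are commented out rather than deleted, and the same is done to both implementations in the `ManagementServerImpl.java` hunk that follows (about 80 lines of `//`-prefixed code). Version control already keeps the old text, and a commented-out copy of a permission check tends to drift from the live one in `NetworkManagerImpl`; I would delete the lines outright. The removed async path registered its job with `job.setCmd("DeleteNetworkRuleConfig")`; whatever executor handles that command name is not visible here and presumably still calls `deleteNetworkRuleConfig(long, long)`, so confirm it is updated or removed in the same change.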
@@ -3466,86 +3466,86 @@ public class ManagementServerImpl implements ManagementServer {
 return newFwRule;
 }
- @Override
- public boolean deleteNetworkRuleConfig(long userId, long networkRuleId) {
- try {
- NetworkRuleConfigVO netRule = _networkRuleConfigDao.findById(networkRuleId);
- if (netRule != null) {
- List sgMappings = _securityGroupVMMapDao.listBySecurityGroup(netRule.getSecurityGroupId());
- if ((sgMappings != null) && !sgMappings.isEmpty()) {
- for (SecurityGroupVMMapVO sgMapping : sgMappings) {
- UserVm userVm = _userVmDao.findById(sgMapping.getInstanceId());
- if (userVm != null) {
- List fwRules = _firewallRulesDao.listIPForwarding(sgMapping.getIpAddress(), netRule.getPublicPort(), true);
- FirewallRuleVO rule = null;
- for (FirewallRuleVO fwRule : fwRules) {
- if (fwRule.getPrivatePort().equals(netRule.getPrivatePort()) && fwRule.getPrivateIpAddress().equals(userVm.getGuestIpAddress())) {
- rule = fwRule;
- break;
- }
- }
+// @Override
+// public boolean deleteNetworkRuleConfig(long userId, long networkRuleId) {
+// try {
+// NetworkRuleConfigVO netRule = _networkRuleConfigDao.findById(networkRuleId);
+// if (netRule != null) {
+// List sgMappings = _securityGroupVMMapDao.listBySecurityGroup(netRule.getSecurityGroupId());
+// if ((sgMappings != null) && !sgMappings.isEmpty()) {
+// for (SecurityGroupVMMapVO sgMapping : sgMappings) {
+// UserVm userVm = _userVmDao.findById(sgMapping.getInstanceId());
+// if (userVm != null) {
+// List fwRules = _firewallRulesDao.listIPForwarding(sgMapping.getIpAddress(), netRule.getPublicPort(), true);
+// FirewallRuleVO rule = null;
+// for (FirewallRuleVO fwRule : fwRules) {
+// if (fwRule.getPrivatePort().equals(netRule.getPrivatePort()) && fwRule.getPrivateIpAddress().equals(userVm.getGuestIpAddress())) {
+// rule = fwRule;
+// break;
+// }
+// }
+//
+// if (rule != null) {
+// rule.setEnabled(false);
+// _networkMgr.updateFirewallRule(rule, null, null);
+//
+// // Save and create the event
+// Account account = _accountDao.findById(userVm.getAccountId());
+//
+// _firewallRulesDao.remove(rule.getId());
+// String description = "deleted ip forwarding rule [" + rule.getPublicIpAddress() + ":" + rule.getPublicPort() + "]->[" + rule.getPrivateIpAddress()
+// + ":" + rule.getPrivatePort() + "]" + " " + rule.getProtocol();
+//
+// EventUtils.saveEvent(Long.valueOf(userId), account.getId(), EventVO.LEVEL_INFO, EventTypes.EVENT_NET_RULE_DELETE, description);
+// }
+// }
+// }
+// }
+// _networkRuleConfigDao.remove(netRule.getId());
+// }
+// } catch (Exception ex) {
+// s_logger.error("Unexpected exception deleting port forwarding service rule " + networkRuleId, ex);
+// return false;
+// }
+//
+// return true;
+// }
- if (rule != null) {
- rule.setEnabled(false);
- _networkMgr.updateFirewallRule(rule, null, null);
-
- // Save and create the event
- Account account = _accountDao.findById(userVm.getAccountId());
-
- _firewallRulesDao.remove(rule.getId());
- String description = "deleted ip forwarding rule [" + rule.getPublicIpAddress() + ":" + rule.getPublicPort() + "]->[" + rule.getPrivateIpAddress()
- + ":" + rule.getPrivatePort() + "]" + " " + rule.getProtocol();
-
- EventUtils.saveEvent(Long.valueOf(userId), account.getId(), EventVO.LEVEL_INFO, EventTypes.EVENT_NET_RULE_DELETE, description);
- }
- }
- }
- }
- _networkRuleConfigDao.remove(netRule.getId());
- }
- } catch (Exception ex) {
- s_logger.error("Unexpected exception deleting port forwarding service rule " + networkRuleId, ex);
- return false;
- }
-
- return true;
- }
-
- @Override
- public long deleteNetworkRuleConfigAsync(long userId, Account account, Long networkRuleId) throws PermissionDeniedException {
- // do a quick permissions check to make sure the account is either an
- // admin or the owner of the security group to which the network rule
- // belongs
- NetworkRuleConfigVO netRule = _networkRuleConfigDao.findById(networkRuleId);
- long accountId = Account.ACCOUNT_ID_SYSTEM;
- if (netRule != null) {
- SecurityGroupVO sg = _securityGroupDao.findById(netRule.getSecurityGroupId());
- if (account != null) {
- if (!BaseCmd.isAdmin(account.getType())) {
- if ((sg.getAccountId() == null) || (sg.getAccountId().longValue() != account.getId().longValue())) {
- throw new PermissionDeniedException("Unable to delete port forwarding service rule " + networkRuleId + "; account: " + account.getAccountName() + " is not the owner");
- }
- } else if (!isChildDomain(account.getDomainId(), sg.getDomainId())) {
- throw new PermissionDeniedException("Unable to delete port forwarding service rule " + networkRuleId + "; account: " + account.getAccountName() + " is not an admin in the domain hierarchy.");
- }
- }
- if (sg != null) {
- accountId = sg.getAccountId().longValue();
- }
- } else {
- return 0L; // failed to delete due to netRule not found
- }
-
- Gson gson = GsonHelper.getBuilder().create();
-
- AsyncJobVO job = new AsyncJobVO();
- job.setUserId(UserContext.current().getUserId());
- job.setAccountId(accountId);
- job.setCmd("DeleteNetworkRuleConfig");
- job.setCmdInfo(gson.toJson(networkRuleId));
-
- return _asyncMgr.submitAsyncJob(job);
- }
+// @Override
+// public long deleteNetworkRuleConfigAsync(long userId, Account account, Long networkRuleId) throws PermissionDeniedException {
+// // do a quick permissions check to make sure the account is either an
+// // admin or the owner of the security group to which the network rule
+// // belongs
+// NetworkRuleConfigVO netRule = _networkRuleConfigDao.findById(networkRuleId);
+// long accountId = Account.ACCOUNT_ID_SYSTEM;
+// if (netRule != null) {
+// SecurityGroupVO sg = _securityGroupDao.findById(netRule.getSecurityGroupId());
+// if (account != null) {
+// if (!BaseCmd.isAdmin(account.getType())) {
+// if ((sg.getAccountId() == null) || (sg.getAccountId().longValue() != account.getId().longValue())) {
+// throw new PermissionDeniedException("Unable to delete port forwarding service rule " + networkRuleId + "; account: " + account.getAccountName() + " is not the owner");
+// }
+// } else if (!isChildDomain(account.getDomainId(), sg.getDomainId())) {
+// throw new PermissionDeniedException("Unable to delete port forwarding service rule " + networkRuleId + "; account: " + account.getAccountName() + " is not an admin in the domain hierarchy.");
+// }
+// }
+// if (sg != null) {
+// accountId = sg.getAccountId().longValue();
+// }
+// } else {
+// return 0L; // failed to delete due to netRule not found
+// }
+//
+// Gson gson = GsonHelper.getBuilder().create();
+//
+// AsyncJobVO job = new AsyncJobVO();
+// job.setUserId(UserContext.current().getUserId());
+// job.setAccountId(accountId);
+// job.setCmd("DeleteNetworkRuleConfig");
+// job.setCmdInfo(gson.toJson(networkRuleId));
+//
+// return _asyncMgr.submitAsyncJob(job);
+// }
 @DB
 protected boolean deleteIpForwardingRule(long userId, long accountId, String publicIp, String publicPort, String privateIp, String privatePort, String proto)